JP6927606B2 - Communication systems, communication control devices, communication equipment, communication methods and programs - Google Patents

Description

(Description of related application)
The present invention is based on the priority claim of Japanese patent application: Japanese Patent Application No. 2017-09733 (filed on May 16, 2017), and all the contents of the application are incorporated in this document by citation. Shall be.
The present invention relates to communication systems, communication control devices, communication devices, communication methods and programs.

In recent years, with the development of communication technology and information processing technology, the IoT (Internet of Things) called the Internet of Things has attracted attention, and a huge number of things (IoT terminals) such as sensors and surveillance cameras can be connected to the network. It is expected. In addition to collecting data, the number of IoT terminals (for example, sensors and control devices) that use data acquired via a network for adjustment and control of their own device is increasing. Specifically, the IoT terminal uses the input data acquired from a server or the like on the Internet to calibrate its own device (calibrate the sensor) or change the data collection control (for example, change the settings such as the data collection interval). It may be used.

In addition, a firewall device is often used to protect a device connected to a network such as an intranet from an attack from the outside (see Patent Document 1).

Japanese Unexamined Patent Publication No. 2015-41958

The disclosure of the above prior art documents shall be incorporated into this document by citation. The following analysis was made by the present inventors.

As mentioned above, the number of IoT terminals connected to the network is increasing. IoT terminals are often placed in an internal network protected by a firewall device, and these internal devices transmit packets to external devices connected to the external network, and response packets to the transmitted packets are internal devices. It is used to control (IoT terminal). Specifically, the external device that receives the packet transmitted from the internal device includes the instruction information for the internal device in the response packet transmitted to the internal device, and the internal device executes the instruction information included in the response packet.

By including the instruction information in the response packet to the transmission packet from the internal device, it is possible to control the internal device connected to the internal network (network protected by the firewall). In this way, when controlling from an external device connected to the network ahead of the firewall device to a sensor or control device connected to the closed network protected by the firewall device, from the sensor connected to the closed network, etc. Packets are transmitted to an external device, and control information is acquired using a response packet from the external device. The reason for using the response from the external device is that it is basically impossible to communicate from the external device to the internal device connected to the internal network separated by the firewall.

In this way, a packet is transmitted from the internal device to the external device, and the response packet transmitted from the external device to the internal device connected to the internal network in response to the transmitted packet includes instruction information. Instruction information is transmitted to internal devices. In a network system to which a firewall is applied, it is premised that communication from the internal device to the external device is performed first, and communication starting from the external device connected to the external network (direct from the external device to the internal device). Communication) is usually impossible.

Here, an internal device such as an IoT terminal is often designed to transmit a packet containing measurement data or the like to an external device at a predetermined transmission interval. Further, when a plurality of internal devices exist in the internal network, each of the internal devices performs the above-mentioned communication (transmission of a packet, reception of a response packet including instruction information).

Since information transmission from the external device to the internal device is performed by the response from the external device, in order to transmit information from the external device to the internal device at an appropriate timing, the communication interval from the internal device to the external device ( Frequency of sending and receiving packets) needs to be shortened. However, with such a response, many communications that are originally meaningless occur. That is, meaningless data (for example, unupdated data) is frequently transmitted from an internal device such as an IoT terminal to an external device, and a normal response packet (control instruction) from the external device to the internal device. Response packets that do not contain) will be sent frequently.

On the other hand, if the communication interval from the internal device to the external device is lengthened in order to avoid the occurrence of meaningless communication as described above, an opportunity for information transmission from the external device to the internal device cannot be created, and control to the internal device is not created. Cannot be executed at the right time.

An object of the present invention is to provide a communication system, a communication control device, a communication device, a communication method, and a program that realize information transmission to a device connected to an internal network at an appropriate timing.

According to the first aspect of the present invention, a plurality of first devices connected to the first network and a second device connected to the second network and communicating with the plurality of first devices. And a communication control device that relays communication between the first device and the second device, the second device is the first of the plurality of first devices. The communication control device includes the control information for at least one or more of the first devices among the plurality of first devices in the response packet to the packet received from the devices, and the communication control device is the control of the plurality of first devices. A communication system is provided that instructs a first device whose information is a target to perform an operation obtained from the control information.

According to the second aspect of the present invention, a plurality of first devices connected to the first network and a second device connected to the second network and communicating with the plurality of first devices. A communication control device that relays communication with and is a response packet from the second device to a packet received from the first device of any one of the plurality of first devices. A response packet containing control information for at least one or more of the first devices among the plurality of first devices is received, and for the first device among the plurality of first devices to which the control information is targeted. , A communication control device for instructing an operation obtained from the control information is provided.

According to a third aspect of the present invention, it is a communication device that communicates with a plurality of first devices connected to the first network, and is the first of the plurality of first devices. A communication device is provided which transmits a response packet to a packet received from a device including control information for at least one or more of the first devices among the plurality of first devices.

According to a fourth aspect of the present invention, a plurality of first devices connected to the first network and a second device connected to the second network and communicating with the plurality of first devices. In a communication system including a communication control device that relays communication between the first device and the second device, the second device is any one of the plurality of first devices. A step of transmitting the response packet to the communication control device, including control information for at least one or more of the first devices among the plurality of first devices, in the response packet for the packet received from the first device. A communication method is provided in which the communication control device includes, among the plurality of first devices, a step of instructing a first device targeted by the control information to perform an operation obtained from the control information. NS.

According to the fifth viewpoint of the present invention, a plurality of first devices connected to the first network and a second device connected to the second network and communicating with the plurality of first devices. A response packet from the second device to a packet received from the first device of the plurality of first devices to a computer mounted on the communication control device that relays communication with the first device. The process of receiving a response packet containing control information for at least one or more of the first devices among the plurality of first devices, and the control information of the plurality of first devices are targeted. A program for instructing one device to perform an operation obtained from the control information is provided.
Note that this program can be recorded on a computer-readable storage medium. The storage medium may be a non-transient such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. The present invention can also be embodied as a computer program product.

According to each viewpoint of the present invention, a communication system, a communication control device, a communication device, a communication method, and a program that contribute to realizing information transmission to a device connected to an internal network at an appropriate timing are provided. NS.

It is a figure for demonstrating the outline of one Embodiment. It is a figure which shows an example of the schematic structure of the communication system which concerns on 1st Embodiment. It is a figure which shows an example of the data structure of the transmission history storage part. It is a figure which shows an example of the control information registered in the control information storage part. It is a figure which shows an example of the control information registered in the control information storage part. It is a figure which shows an example of the control information registered in the control information storage part. It is a figure which shows an example of the control information registered in the control information storage part. It is a figure which conceptually shows the response packet containing control information. It is a figure which shows an example of the hardware composition of a communication control device. It is a sequence diagram which shows an example of the operation of the communication system which concerns on 1st Embodiment. It is a figure which shows an example of the control information setting history output by the communication control device which concerns on 1st Embodiment.

First, an outline of one embodiment will be described. It should be noted that the drawing reference reference numerals added to this outline are added to each element for convenience as an example to aid understanding, and the description of this outline is not intended to limit anything. Further, the connecting line between the blocks in each figure includes both bidirectional and unidirectional. The one-way arrow schematically shows the flow of the main signal (data), and does not exclude interactivity. Further, in the circuit diagram, block diagram, internal configuration diagram, connection diagram, and the like shown in the disclosure of the present application, although not explicitly stated, an input port and an output port exist at the input end and the output end of each connection line, respectively. The same applies to the input / output interface.

The communication system according to one embodiment includes a plurality of first devices 50, a second device 51, and a communication control device 52 (see FIG. 1). The first device 50 is a device connected to a first network (for example, an intranet protected by a firewall). The second device 51 is a device that is connected to a second network (for example, the Internet beyond the firewall) and communicates with a plurality of first devices 50. The communication control device 52 is a device that relays communication between the first device 50 and the second device 51. The second device 51 is a first device at least one of the plurality of first devices 50 in response to a packet received from the first device 50 of the plurality of first devices 50. Include control information for 50. The communication control device 52 instructs the first device 50, which is the target of the control information, among the plurality of first devices 50, to perform an operation obtained from the control information.

In the above communication system, control information is transmitted from the second device 51, which is separated from the first device 50 by a firewall, to the first device 50. That is, the control information for the first device 50 belonging to the internal network (first network) whose communication from the outside is restricted by the firewall is transmitted from the second device 51. At that time, the second device 51 targets the first device 50 other than the first device 50 that transmitted the packet to the response packet of the packet transmitted by any of the plurality of first devices 50. Include control information. For example, the response packet to the packet transmitted by the first device A includes the control information for the first device B. The communication control device 52 transfers the response packet received from the second device 51 to the first device 50, and extracts the control information included in the response packet. After that, the communication control device 52 gives an operation instruction to the first device 50 based on the information obtained from the extracted control information.

The communication system includes a plurality of first devices 50, and if the number of these devices is sufficiently large, communication between the first device 50 and the second device 51 is performed with high frequency. That is, if each of the plurality of first devices 50 is observed individually, the communication between the first device 50 and the second device 51 may not be so frequent, but the plurality of first devices 50 It can be considered that the communication between the whole and the second device 51 is performed sufficiently frequently. In other words, the response packet from the second device 51 to the first network (the response packet to the communication control device 52 that relays the communication between the first device 50 and the second device 51) is It can be regarded as being transmitted frequently. Therefore, the second device 51 includes the frequently transmitted response packet with control information for the first device 50 different from the destination of the response packet, and transmits the control information. Further, the communication control device 52 receives the response packet and gives an operation instruction to the first device 50 based on the control information extracted from the response packet. As a result, information transmission to the target first device 50 is realized at an appropriate timing without generating unnecessary communication.

Specific embodiments will be described in more detail below with reference to the drawings. In each embodiment, the same components are designated by the same reference numerals, and the description thereof will be omitted.

[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.

FIG. 2 is a diagram showing an example of a schematic configuration of a communication system according to the first embodiment. Referring to FIG. 2, the communication system includes an internal network 1, an external network 2, a plurality of internal devices 10-1 to 10-3, a communication control device 20, a firewall device 30, and an external device 40. Consists of including.

In the following description, if there is no particular reason for distinguishing the internal devices 10-1 to 10-3, it is simply referred to as "internal device 10". Further, although FIG. 2 shows three internal devices 10, it goes without saying that the purpose is not to limit the number of internal devices 10 included in the communication system. The communication system may include one or more internal devices 10.

The communication system shown in FIG. 2 is a system that enables transmission of control information and the like to an internal device 10 in a closed network (internal network 1) in which communication from the outside is restricted by a firewall device 30. The internal network 1 is a closed network protected by the firewall device 30, for example, an intranet. The internal network 1 may be one network connected to the firewall device 30, or may be a plurality of networks.

The external network 2 is a network separated from the internal network 1 by the firewall device 30. The internal network 1 is a closed network protected by the firewall device 30, while the external network 2 is a network (unprotected network) outside the protection of the firewall device 30, for example, the Internet. The external network 2 may be one network connected to the firewall device 30, or may be a plurality of networks.

First, the operation outline of the communication system according to the first embodiment will be described with reference to FIG.

In the first embodiment, the internal device 10 is an IoT terminal such as a measuring device, and collects data on physical quantities such as temperature. The internal device 10 transmits the collected data to the external device 40 via the communication control device 20 (transmits a packet including the measurement data).

The communication control device 20 receives the packet transmitted from the internal device 10. The communication control device 20 stores the source of the packet, the transmission time, and the like, and transmits (transfers) the received packet to the external device 40 via the firewall device 30. At that time, the communication control device 20 performs packet transmission control according to a predetermined rule. For example, the communication control device 20 does not transmit the next packet for each internal device 10 until a predetermined period has elapsed from the packet previously transmitted to the external device 40. The communication control device 20 uses the transmission destination and transmission time of the stored packet for the packet transmission control.

The external device 40 receives the packet transmitted from the internal device 10 and collects measurement data such as temperature. Further, the external device 40 transmits a response packet toward the internal device 10 in response to receiving the transmission packet from the internal device 10.

As the response packet, a packet related to an acknowledgment (ACK; ACKnowledgement) is usually assumed, but a packet related to a negative response (NACK; Negative ACKnowledgement) may also be used.

Here, in the external device 40, information (control information) for controlling the internal device 10 may be registered by the administrator of the communication system or the like. That is, when the administrator or the like wants the internal device 10 to perform the calibration operation, or when the internal device 10 wants to change the operation, the setting, etc., the control information for instructing the internal device 10 to change the operation is provided. It is registered in the external device 40. The control information includes a combination of internal device identification information (for example, IP (Internet Protocol) address) for identifying the internal device 10 to be controlled and operation instruction information (for example, a command to be operated).

If the control information is registered in the own device by the administrator or the like, the external device 40 includes the control information in the response packet transmitted to the internal device 10.

The communication control device 20 receives the packet (response packet) transmitted from the external device 40 via the firewall device 30. The communication control device 20 transfers the response packet to the internal device 10 that has transmitted the measurement data (packet) to the external device 40. When the response packet contains control information, the communication control device 20 separates the control information from the response packet and extracts the control information.

After that, the communication control device 20 transmits a control instruction packet including the operation instruction information to the internal device 10 specified by the internal device identification information. The internal device 10 performs an operation according to the operation instruction information included in the acquired control instruction packet.

As described above, in the communication system of the first embodiment, the data (packets) transmitted from the internal device 10 are aggregated in the communication control device 20 and transmitted to the external device 40 via the communication control device 20. At that time, the communication control device 20 does not transfer the packet until a predetermined period elapses after the packet is first transmitted so that the data is not excessively transmitted to the external device 40. As a result, the load on the communication device including the external device 40 does not increase.

Further, the control information is transmitted from the external device 40 to the internal device 10 by a response packet to the internal device 10, and the response packet is an internal device that clearly indicates which internal device 10 the control information is directed to. The identification information and the operation instruction information which is the specific content thereof are included. This means that if any one of the plurality of internal devices 10 transmits data to the external device 40, the external device 40 can transmit control information to any internal device 10 included in the internal network 1. It means that it is possible. As a result, control information for the internal device 10 can be transmitted at an appropriate timing.

For example, in the example of FIG. 2, when the internal device 10-1 transmits a packet to the external device 40 via the communication control device 20 and the firewall device 30, the instruction information for the internal device 10-2 is transmitted to the internal device 10-. It can be included in the response packet to 1. In this case, for example, even if the internal device 10-2 is a device that does not transmit data for a long period of time, the control information is controlled to the internal device 10-2 triggered by the data transmission from the other internal device 10-1. Can be transmitted.

Subsequently, the details of each device included in the first embodiment will be described.

[Internal equipment]
The internal device 10 is a device connected to the internal network 1 by wire or wirelessly. The internal device 10 is a server device, an information processing device such as a personal computer, or a measuring device.

The measuring device detects physical quantities such as temperature and humidity, converts them into signals (digital data), and transmits the converted data to another device (external device 40 in the example of FIG. 2) via a network. Has the function of In addition, the measuring device acquires information (the above-mentioned operation instruction information) from another device or the like connected to the network. The measuring device changes various settings such as calibration of the own device and settings of the own device (for example, the time interval in which the own device operates) or changes the operation based on the operation instruction information.

As described above, the internal device 10 may be a device that controls its own operation according to a predetermined program from the information obtained by the sensor or the like built in the system, for example, a PLC (Programmable Logic Controller) or the like. Settings such as operation and judgment can be changed by information sent from the outside.

The internal device 10 connected to the internal network 1 includes a measuring device having the above functions in addition to a server device, an information processing device (computer), and the like. In the first embodiment, the internal device 10 will be described on the premise that it is a measuring device as described above. However, as described above, the internal device 10 may be a terminal such as a computer instead of the measuring device.

As shown in FIG. 2, the internal device 10 includes a sensor information acquisition unit 101, a reception unit 102, a transmission unit 103, and a control unit 104.

The sensor information acquisition unit 101 is a means for acquiring a physical quantity from a sensor (not shown) built in the own device and converting the physical quantity into digital data.

The receiving unit 102 is a means for receiving a packet. For example, the receiving unit 102 receives a response packet from the external device 40 via the communication control device 20, or receives a control instruction packet from the communication control device 20.

The transmission unit 103 is a means for transmitting a packet. For example, the transmission unit 103 transmits a packet containing data related to the physical quantity acquired by the sensor information acquisition unit 101 to the external device 40 via the communication control device 20 and the firewall device 30.

The control unit 104 is a means for controlling the entire internal device 10. Further, when the control unit 104 acquires the control instruction packet from the communication control device 20, the control unit 104 performs an operation according to the operation instruction information included in the packet. Specifically, if the operation instruction information is related to the calibration operation of the own device, the control unit 104 performs the instructed calibration operation. Alternatively, if the operation instruction information includes a command, the control unit 104 executes the acquired command.

The internal devices 10-1 to 10-3 can each have the same configuration.

[Communication control device]
The communication control device 20 is a device connected to the internal network 1 and has a function as a so-called gateway. The communication control device 20 relays communication between the internal device 10 connected to the internal network 1 and the external device 40 connected to the external network 2. More specifically, the communication control device 20 transmits and receives packets to and from the external device 40 via the firewall device 30 connected to the internal network 1.

The communication control device 20 receives a packet (a packet whose destination IP address is the external device 40) transmitted by the internal device 10 to the external device 40, and sends the packet to the external device via the firewall device 30 and the external network 2. Send to 40. Further, the communication control device 20 receives the response packet from the external device 40 via the external network 2 and the firewall device 30, and transfers the packet to the internal device 10. In this way, the communication control device 20 receives the packets output from one or a plurality of internal devices 10 connected to the internal network 1. The communication control device 20 transmits the received packet to the external device 40 connected to the external network 2.

Here, as described above, the response packet transmitted (replied) from the external device 40 may include control information (internal device identification information and operation instruction information). When the response packet contains control information, the communication control device 20 separates and extracts the control information from the received response packet. The communication control device 20 generates a control instruction packet based on the acquired operation instruction information, and transmits the packet to the internal device 10 specified from the internal device identification information. That is, the communication control device 20 instructs the internal device 10 targeted by the control information transmitted by the external device 40 among the plurality of internal devices 10 to perform an operation obtained from the control information.

As shown in FIG. 2, the communication control device 20 includes a receiving unit 201, a transmitting unit 202, a control unit 203, a response packet processing unit 204, a control information processing unit 205, and a transmission history storage unit 206. Consists of including.

The receiving unit 201 receives the packet transmitted by the internal device 10 via the internal network 1. Further, the receiving unit 201 receives the response packet transmitted by the external device 40 via the firewall device 30.

The transmission unit 202 transmits the packet received from the internal device 10 to the external device 40 via the firewall device 30 and the external network 2.

The control unit 203 has a function of controlling the interval at which packets are transmitted from the own device (communication control device 20) to the external device 40. The control unit 203 controls packet transmission from the internal device 10 to the external device 40 according to a predetermined rule. For example, the control unit 203 does not transmit the next packet until a predetermined period elapses after the internal device 10 transmits the packet to the external device 40.

Packet transmission control by the control unit 203 is performed for each of the internal devices 10. More specifically, the control unit 203 performs the packet transmission control for each internal device 10. For example, referring to FIG. 2, the control unit 203 transmits the next packet transmitted from the internal device 10-1 to the external device 40 until a predetermined period elapses after the internal device 10-1 transmits the packet. Do not send to. However, if another internal device 10-2 transmits a packet before the elapse of the predetermined period for the internal device 10-1, the control unit 203 transmits the packet first by the internal device 10-2. If a predetermined period has elapsed since then, the packet from the internal device 10-2 is transmitted to the external device 40.

In this way, the control unit 203 performs the packet transmission control for each internal device 10. That is, the control unit 203 controls packet transmission from the internal device 10 to the external device 40 so that the transmission interval between packets transmitted by the same internal device 10 to the external device 40 is longer than a predetermined period. ..

The threshold value used for the packet transmission control (value for comparing the difference between the immediately preceding packet transmission time and the current time; the predetermined period) may be common to all the internal devices 10 or may be common to the internal devices 10. It may be set individually for each of.

The response packet processing unit 204 is a means for processing the response packet from the external device 40 acquired via the firewall device 30. If the acquired response packet does not contain control information, the response packet processing unit 204 forwards the acquired response packet to the internal device 10 which is the destination of the packet (outputs the response packet from the transmission unit 202). ).

When the acquired response packet contains control information, the response packet processing unit 204 separates the control information from the response packet and extracts it. After that, the response packet processing unit 204 forwards the response packet from which the control information is extracted (not including the information) to the internal device 10 which is the destination of the packet. At that time, the response packet processing unit 204 corrects fields such as the packet size in the response packet as necessary. If the internal device 10 has been verified so as not to cause a malfunction even if the response packet contains control information for another device, the response packet processing unit 204 receives the response packet acquired from the external device 40. It may be sent to that destination as it is.

The response packet processing unit 204 delivers the control information extracted separately from the response packet to the control information processing unit 205. The internal device identification information is information for identifying the internal device 10, and corresponds to, for example, an IP address, a host name, sensor information, and the like. Further, the operation instruction information is information for controlling the internal device 10, and corresponds to, for example, a command, a program, or the like executed by the internal device 10.

The control information processing unit 205 transmits a control instruction packet including the operation instruction information also acquired from the response packet processing unit 204 to the internal device 10 specified by the internal device identification information acquired from the response packet processing unit 204 (. It is transmitted via the transmission unit 202). That is, the control information processing unit 205 instructs the internal device 10 specified by the internal device identification information to perform the operation specified by the operation instruction information notified by the external device 40.

As described above, the communication control device 20 has a function of specifying the internal device 10 to be controlled by the internal device identification information and instructing the specified internal device 10 to perform an operation according to the operation instruction information.

The transmission history storage unit 206 includes identification information (for example, IP address, host name, sensor information) for identifying the internal device 10 that is the source of the data received by the own device (communication control device 20), and the corresponding information. The time when the data is transmitted by the transmission unit 202 to the external device 40 is stored in association with each other (see FIG. 3). The information stored in the transmission history storage unit 206 is used for data transmission control by the control unit 203.

[Firewall device]
The firewall device 30 is a device that separates the internal network 1 and the external network 2 and executes packet filtering. The firewall device 30 is connected between one or more internal networks 1 and one or more external networks 2.

The firewall device 30 is a device that controls the transmission and reception of packets according to preset conditions. Specifically, the firewall device 30 defines a predetermined condition that defines an IP address, a communication port (port number), a protocol, communication control information (for example, communication attribute information included in a header), and a combination of two or more of these. And, it is determined whether or not it matches the information contained in the received packet.

The firewall device 30 discards packets that do not match the predetermined conditions without passing them through. On the other hand, if the information contained in the received packet matches the above-set conditions, does the firewall device 30 allow communication from the network (for example, the external network 2) according to the preset conditions? Decide whether to shut off.

The firewall device 30 passes the packet from the external network 2 (allows communication) or discards (blocks communication) depending on the result of the determination.

The firewall device 30 is realized by software installed in a computer or the like, and passes or blocks packets. Alternatively, the firewall device 30 may be a device having the above functions and configured with dedicated hardware. The filtering operation of the firewall device 30 is based on the so-called white list method, but it goes without saying that the filtering method may be based on the blacklist method.

In the first embodiment, the firewall device 30 can block communication from the external device 40 connected to the external network 2 to the internal device 10 and the communication control device 20 connected to the internal network 1, but the communication control device Communication from 20 mag to the external device 40 shall not be blocked.

Further, the firewall device 30 has information (for example, IP address, port number, communication control information, ACK number indicating that the connection destination has received the packet) obtained from the packet transmitted from the communication control device 20 or the like to the external device 40. Etc.) are memorized. After that, the firewall device 30 uses the information obtained from the response packet from the external device 40 after the communication control device 20 or the like transmits the packet to the external device 40 (IP address, port number, communication corresponding to the stored information). The control information (ACK number) and the previously stored information are compared to determine whether or not they match.

If they match, the firewall device 30 determines that the packet acquired from the external device 40 is a response packet to the packet transmitted by the communication control device 20 or the like to the external device 40, and the packet (external). The response packet transmitted from the device 40 to the communication control device 20 or the like) is passed through without being blocked.

In this way, the firewall device 30 corresponds to so-called dynamic filtering, and passes the response packet from the external device 40 to the packet transmitted from the internal device 10. That is, the firewall device 30 is transmitted from the communication control device 20 or the like to the external device 40 for a predetermined period, during the period from the start of communication to the end of the session, or until the end of communication from the external device 40. The above information obtained from the packet is stored and used for filtering the packet transmitted from the external device 40. The period until the communication from the external device 40 is completed means that the communication is started, FIN · ACK (FINISH · ACKnowledgement: the final acknowledgment among the affirmative responses) is sent, and the communication is terminated. Is the period until the firewall device 30 recognizes.

As described above, the firewall device 30 passes the response packet from the external device 40 by dynamic filtering, but communication from the external device to the internal device (packet packet) using so-called static filtering. Passage) may be allowed. That is, a filtering rule such that the source is the IP address of the external device 40 and the destination is the IP address of the internal device 10 may be registered in the firewall device 30 to realize the passage of the response packet.

[External device]
The external device 40 is a device that receives a transmission packet from the internal device 10. Further, the external device 40 is a device that transmits a response packet including control information as needed. More specifically, the external device 40 internally registers the internal device identification information corresponding to the internal device 10 to be controlled and the operation instruction information indicating the specific control content in advance.

When the external device 40 receives the packet transmitted from the communication control device 20, if the control information is registered, the external device 40 includes the registered control information in the response packet to the received packet and passes through the firewall device 30. Is transmitted to the communication control device 20. That is, the external device 40 includes control information for at least one or more of the internal devices 10 among the plurality of internal devices 10 in the response packet to the packet received from the internal device 10 of the plurality of internal devices 10.

As shown in FIG. 2, the external device 40 includes a control information input unit 401, a reception unit 402, a control unit 403, a transmission unit 404, and a control information storage unit 405.

The control information input unit 401 is a means for receiving input of control information (internal device identification information and operation instruction information) from a user such as a network administrator. The control information input unit 401 includes internal device identification information for identifying the internal device 10 to be controlled among a plurality of internal devices 10 input by the user, and an operation of causing the internal device 10 to be controlled to execute the control information input unit 401. The operation instruction information (specific content when controlling the internal device 10) is associated with and registered in the control information storage unit 405.

The operation instruction information is information that clearly indicates a specific operation required for the internal device 10, and examples thereof include a command, a program that executes the command, and an argument given to the program when the program is executed. For example, a command, a program, or the like that causes the internal device 10 to perform a calibration operation is included in the operation instruction information. Alternatively, even if text information such as an instruction requesting the internal device 10 to perform a calibration operation or setting parameters when the internal device 10 operates (for example, start cycle in intermittent operation, start time, etc.) is used as the operation instruction information. good.

FIG. 4 is a diagram showing an example of control information registered in the control information storage unit 405. As shown in FIG. 4, one internal device identification information and one operation instruction information can be registered in the control information storage unit 405 on a one-to-one basis.

The control information input unit 401 may register the internal device identification information and the operation instruction information in the control information storage unit 405 on a one-to-one basis, or may register the internal device identification information and the operation instruction information on a one-to-many basis. That is, a plurality of operation instruction information may be associated with one internal device identification information. For example, a case where another operation instruction information is used after a lapse of a predetermined period after a certain operation instruction information is used is exemplified as a case where there is a plurality of information to be set in one internal device 10.

In this case, the control information registered by the control information input unit 401 is configured so that a plurality of operation instruction information can be separated from one internal device identification information, and the method of using the plurality of operation instruction information can be used. It suffices if it is specified.

When associating a plurality of operation instruction information with one internal device identification information, for example, as shown in the first line of FIG. 5, the data structure (arrangement of the internal device identification information and the operation instruction information) is predetermined and used. You just have to specify the method. In the example of FIG. 5, by arranging the two operation instruction information separated by a comma, the external device 40 sets the instruction 1 (Instruction_1) to the internal device 10 (IP address = 192.168.0.0.X1). Another instruction 2 (Instruction_2) can be transmitted to the same internal device 10 after Y1 second has elapsed from the transmission.

Alternatively, the data configuration as shown in the first line of FIG. 5 may be separably included in the response packet. By transmitting a response packet containing one internal device identification information, a plurality of operation instruction information, and its usage method separably to the communication control device 20, the communication control device 20 sequentially executes different controls for the same internal device 10. can do.

Alternatively, a plurality of internal device identification information and one operation instruction information may be associated with each other (see the first line of FIG. 6). For example, the case where the same operation instruction information is given to a plurality of internal devices 10 corresponds to the above case. Even in this case, the data configuration (arrangement of internal device identification information and operation instruction information) may be predetermined, or the information indicating the data configuration may be separably included in the response packet. You will need it.

In the example of FIG. 6, by assigning one operation instruction information to the three internal device identification information, three control information (combination of the internal device identification information and the operation instruction information) is substantially expressed. That is, the control information consisting of the internal device identification information (192.168.0.X1) and the instruction (Instruction_1), the control information consisting of the internal device identification information (192.168.0.X2) and the instruction (Instruction_1), and the control information. Three control information, that is, the control information including the internal device identification information (192.168.0.X3) and the instruction (Instruction_1), is described in the first line of FIG.

Further, if the data configuration shown in FIG. 6 is included in the response packet, it can be interpreted that the communication control device 20 that has received the response packet includes the above three control information.

Alternatively, a plurality of internal device identification information and a plurality of operation instruction information may be associated with each other (many-to-many relationship; see FIG. 7). That is, control information such as a combination of the control information shown in the first line of FIG. 5 and the control information shown in the first line of FIG. 6 may be used.

As described above, the configuration such as the combination of the control information and the data related to the contents to be input to the external device 40 can be freely set.

The receiving unit 402 receives the packet transmitted from the communication control device 20 via the external network 2 or the like.

The control unit 403 refers to the control information storage unit 405 and confirms whether or not the control information is registered. If the control information is registered, the control unit 403 is a packet for acquiring the registered control information (combination of internal device identification information and operation instruction information) and returning the packet to the communication control device 20. Generate a response packet containing the acquired control information. When the response packet including the control information is generated, the control unit 403 deletes the corresponding control information from the control information storage unit 405.

Here, the control information (combination of the internal device identification information and the operation instruction information) included in one response packet may be one, or a plurality of control information may be included.

For example, referring to FIG. 4, the control unit 403 includes the control information (internal device identification information 192.168.0.0.X1 and operation instruction information Instruction_1) in the first line in one response packet, and includes the control information in the second line. The control information (internal device identification information 192.168.0.X2 and operation instruction information Instruction_2) may be included in other response packets.

Alternatively, the control unit 403 may include a plurality of control information (control information in the first line and the second line in the example of FIG. 4) in one response packet. When a plurality of control information is included in one response packet, the control unit 403 inserts information (separator) such as a delimiter between each control information, so that the plurality of control information is regarded as one information. Summary It may be included in the response packet.

Examples of the delimiter include commas, spaces, colons, semicolons, and the like. However, the information that separates the information is not limited to these. In addition to the above, any character code or character code string that can be recognized as a data delimiter may be used.

FIG. 8 is a diagram conceptually showing a response packet including control information generated by the control unit 403. As shown in FIG. 8, a plurality of control information may be included in one response packet. In the example of FIG. 8, control information A and control information B are included.

Further, as shown in FIG. 8, each control information expresses a one-to-many combination by inserting a delimiter between the internal device identification information or the operation instruction information. A comma, a space, a colon, a semicolon, or the like can be used as the delimiter for separating the internal device identification information and the like. Although it is shown in FIG. 8 that a line feed code is inserted after the internal device identification information or the like, the data string can actually be one connected column. That is, in the case of the display format as shown in FIG. 6, a line feed code is inserted at the end of each line, but the delimiter, the line feed code, and the line feed code are not necessarily limited to such a display format. Not necessary. Further, the delimiter and the code may be the same as long as the format related to the arrangement of each data is determined in advance, and the delimiter and the code may be different depending on the target.

In the example of FIG. 8, the delimiter between the internal device identification information that identifies the internal device is a character code representing a comma, and the delimiter between the control information is a blank line. However, the delimiter or code is not limited to these, and any character or code may be used as the delimiter as long as it is a character or code that is not included in the character string expressing the information. , Each may be different.

The transmission unit 404 transmits the response packet generated by the control unit 403 to the communication control device 20 via the external network 2 or the like.

The control information storage unit 405 stores control information (a pair of internal device identification information and operation instruction information; see FIGS. 4 to 7) from the control information input unit 401. As described above, the internal device identification information is information (for example, an IP address) for identifying (identifying) the internal device 10 to be controlled. Further, the operation instruction information is information for controlling the internal device 10, and is, for example, a command, a program, an argument, or the like. As described above, the correspondence between the internal device identification information and the operation instruction information does not have to be one-to-one, and may be one-to-many or many-to-many.

[Hardware configuration]
Subsequently, the hardware of the device forming the communication system according to the first embodiment will be described. FIG. 9 is a diagram showing an example of the hardware configuration of the communication control device 20.

The communication control device 20 includes, for example, a CPU (Central Processing Unit) 21, a memory 22, an input / output interface 23, and a NIC (Network Interface Card) 24 as a communication means, which are connected to each other by an internal bus.

However, the configuration shown in FIG. 9 is not intended to limit the hardware configuration of the communication control device 20. The communication control device 20 may include hardware (not shown). Further, the number of CPUs and the like included in the communication control device 20 is not limited to the example of FIG. 9, and for example, a plurality of CPUs may be included in the communication control device 20.

The memory 22 is a RAM (Random Access Memory), a ROM (Read Only Memory), and an auxiliary storage device (hard disk or the like).

The input / output interface 23 is an interface of a device for inputting / outputting information such as a display device and an input device. The display device is, for example, a liquid crystal display or the like. The input device is, for example, a device that accepts user operations such as a keyboard and a mouse, and a device that inputs information from an external storage device such as a USB (Universal Serial Bus) memory. The user inputs necessary information into the communication control device 20 using a keyboard, a mouse, or the like.

The function of the communication control device 20 is realized by the above-mentioned processing module. The processing module is realized, for example, by the CPU 21 executing a program stored in the memory 22. In addition, the program can be downloaded via a network or updated using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip. That is, the function performed by the processing module may be realized by executing software on some hardware.

The basic configuration of the hardware of the internal device 10, the firewall device 30, and the external device 40 can be the same as that of the communication control device 20, and the description thereof will be omitted because it is obvious to those skilled in the art. However, in the first embodiment, since the internal device 10 is a measuring device, it goes without saying that the internal device 10 includes a sensor corresponding to each measurement.

[Communication system operation]
Subsequently, the operation of the communication system according to the first embodiment will be described. FIG. 10 is a sequence diagram showing an example of the operation of the communication system according to the first embodiment.

When operating the communication system, the system administrator or the like registers control information (combination of internal device identification information and operation instruction information) in the external device 40 in advance. That is, the external device 40 inputs the control information (step S101).

Next, the internal device 10 acquires information from a sensor built in the own device (step S201).

After that, the internal device 10 transmits a packet including the acquired data (measurement data) to the communication control device 20 (step S202).

The communication control device 20 receives the packet transmitted by the internal device 10 via the internal network 1 (step S301).

The control unit 203 of the communication control device 20 controls the timing of transmitting the packet received from the internal device 10 to the external device 40 by the following method.

The control unit 203 acquires the latest time (previous packet transmission time) of transmitting the packet to the external device 40 regarding the internal device 10 that received the packet from the transmission history storage unit 206 (step S302). After that, the control unit 203 calculates the difference between the time when the packet was first transmitted and the current time when the packet is to be transmitted to the external device 40. That is, the control unit 203 calculates the elapsed period from receiving the packet from the internal device 10 with respect to the internal device 10 that has transmitted the packet.

For example, in FIG. 3, the internal device identification information is 192.168.0.0. When the internal device 10 of X1 transmits a packet, the difference between the current time and the latest transmission time (January 1, 2017, 23:10:02) is the elapsed period calculated above. After that, the control unit 203 compares the calculated elapsed period with a predetermined period (threshold value) predetermined for each internal device 10 and determines whether or not the elapsed period is longer than the predetermined period. ..

As a result of the determination, when the elapsed period is shorter than the predetermined period (threshold value for each internal device 10) and the predetermined period has not elapsed (step S303, No branch), the control unit 203 is determined for each internal device 10. After a lapse of a predetermined time, the received packet is controlled to be transmitted to the external device 40. Specifically, the control unit 203 does not immediately transmit the packet received from the internal device 10, but waits until a predetermined period determined for each internal device 10 elapses (step S304).

As a result of the determination, when the elapsed period is longer than the predetermined period and the predetermined period has elapsed (step S303, Yes branch), the control unit 203 immediately transmits the received packet to the external device 40 (step S305). ).

By such control by the control unit 203, even if the packet transmission requests to the external device 40 connected to the external network 2 are concentrated in a specific period, the actual communication (packet transmission) to the external device 40 is distributed. .. The above-mentioned predetermined period (transmission interval for each internal device 10) may be a predetermined value or a value calculated according to the specifications of the external device 40. Specifically, it may be a value obtained by dividing a predetermined period by the number of times the external device 40 transmits control information to the internal device 10 (that is, the number of times of control) within a predetermined period. For example, when the external device 40 needs to transmit a packet containing control information 10 times in 60 minutes, the value (6 minutes) obtained by dividing a predetermined period (60 minutes) by the number of controls (10 times) is calculated. It may be the transmission interval of the internal device 10. That is, the above situation means that the external device 40 needs 10 times of transmission of control information in 60 minutes, but from the internal device 10 which is a premise of the 10 times of transmission of control information. The transmission interval may be determined so that the packet transmission to the external device 40 is not concentrated at a specific time but is time-leveled within 60 minutes.

After transmitting the packet to the external device 40, the control unit 203 stores the time when the packet is transmitted in the transmission history storage unit 206 together with the identification information of the internal device 10 (step S306).

Since the packet transmitted in step S305 is a packet directed from the internal network 1 to the external network 2, the firewall device 30 passes the packet (step S401). At that time, the firewall device 30 stores the IP address and the like of the passed packet for a predetermined period (for example, a period until the communication with the external device 40 is completed).

The receiving unit 402 of the external device 40 receives the packet transmitted from the communication control device 20 (step S102).

When the packet reception is completed (step S103, Yes branch), the control unit 403 has the control information (combination of the internal device identification information and the operation instruction information) registered in the control information storage unit 405 by the control information input unit 401. It is confirmed whether or not (step S104).

If the control information is not registered (step S105, No branch), the processes after step S107 are executed.

If the control information is registered (step S105, Yes branch), the control unit 403 acquires the control information from the control information storage unit 405 and generates a response packet including the control information (step S106). At that time, as described above, a plurality of control information may be included in one response packet by using a delimiter (for example, a comma). Further, as described above, the internal device identification information and the operation instruction information constituting each control information do not have to be one-to-one, and may have a many-to-many relationship.

When the response packet is generated, the transmission unit 404 transmits the response packet to the communication control device 20 (step S107). The response packet transmitted by the external device 40 can include control information for the internal device 10 different from the internal device 10 that has transmitted the packet to the external device 40 among the plurality of internal devices 10. Of course, the internal device 10 that is the destination of the response packet and the internal device 10 that is the target of the control information may match.

The firewall device 30 passes the response packet transmitted from the external device 40 (step S402). That is, the response packet is a packet corresponding to the packet for which communication is permitted in step S401, and passage is permitted by dynamic filtering by the firewall device 30.

The receiving unit 201 of the communication control device 20 receives the response packet transmitted from the external device 40 (step S307).

The response packet processing unit 204 confirms whether or not the received response packet contains control information (step S308).

If the control information is not included (step S309, No branch), the response packet processing unit 204 transfers the received response packet to the necessary internal device 10 and ends the processing.

If the control information is included (step S309, Yes branch), the response packet processing unit 204 separates and extracts the control information from the response packet (step S310).

As described above, various forms can be considered for the data structure of the control information included in the response packet. For example, in one response packet, a plurality of control information may be connected and accommodated, or a plurality of operation instruction information may be continuously accommodated after a plurality of internal device identification information are consecutively accommodated. As described above, the configuration such as the combination of the control information included in one response packet and the data related to the content thereof can be freely set.

The control information extracted from the response packet is passed to the control information processing unit 205.

The control information processing unit 205 gives an operation instruction to the internal device 10 based on the acquired control information (step S311).

Specifically, the control information processing unit 205 transmits a control instruction packet including the operation instruction information to the internal device 10 specified by the internal device identification information. At that time, when a plurality of control information is extracted from one response packet, the control information processing unit 205 transmits a control instruction packet corresponding to each control information. That is, the control information processing unit 205 acquires a plurality of control information partitioned by a delimiter or the like, and performs processing according to each control information. For example, in the example of FIG. 8, the control information processing unit 205 acquires the control information A and the control information B as control information.

Regarding the control information A, the control information processing unit 205 has an IP address of 192.168.0.0. A control instruction packet including Instruction_1 is transmitted to the internal device 10 which is X1, and then, after Y1 seconds have elapsed, a control instruction packet including Instruction_1 is transmitted to the same internal device 10.

Further, regarding the control information B, the control information processing unit 205 has an IP address of 192.168.0.0. X2 and 192.168.0. A control instruction packet including Instruction_3 is transmitted to each internal device 10 of X3.

With the above measures, it is possible to cause a plurality of internal devices 10 to execute a plurality of processes by one response packet (ACK information) returned by the external device 40 connected to the external network 2. That is, the external device 40 can control (transmit and set control information) to any internal device 10 connected to the internal network 1.

The internal device 10 receives the control instruction packet and executes an operation according to the operation instruction information included in the packet (step S203). For example, the internal device changes its own calibration operation, various settings such as an operation interval for detecting physical quantities such as temperature and humidity, or changes in operation and judgment.

[Modification example]
The configuration of the communication system (FIG. 2) described in the above embodiment is an example, and is not intended to limit the configuration of the system. For example, the function of the communication control device 20 may be realized by the firewall device 30. Alternatively, the function of the communication control device 20 may be realized by a proxy server or the like.

In the above embodiment, the communication control device 20 executes the transmission control of the packet transmitted from each internal device 10, but the control may be executed by each of the plurality of internal devices 10. Specifically, each internal device 10 may not transmit a new packet until a predetermined period has elapsed since the packet was first transmitted. However, when each internal device 10 transmits packets at a predetermined time (timing), the packets transmitted from the internal device 10 to the external device 40 are concentrated at the same time, and the external device 40 Load may increase. In order to solve such an inconvenience, each internal device 10 may randomly transmit a packet to the external device 40. For example, consider a case where each internal device 10 needs to transmit measurement data when the date changes (that is, 0:00). In this case, at 0:00, the packets transmitted from each internal device 10 to the external device 40 are concentrated. Therefore, each internal device 10 may randomly transmit a packet between 10 minutes before and after the date changes (between 23:50 and 0:10). By such measures, it is possible to alleviate the load increase of the external device 40 at a specific timing. That is, even if the system does not include the communication control device 20, packet transmission control by the internal device 10 such that each internal device 10 voluntarily shifts the communication timing is used to perform communication from the internal device 10 to the external device 40. Time leveling can be achieved.

In the above embodiment, the case where the control information is stored inside the external device 40 has been described, but the control information transmitted by the external device 40 to the internal device 10 is another information processing device connected to the external network 2 or the like ( For example, it may be stored in a database server or the like).

In the above embodiment, it is assumed that all the packets transmitted by the internal device 10 to the outside of the internal network 1 pass through the communication control device 20, but some packets (for example, packets addressed to the external device 40) may be included. It may pass through the communication control device 20 as long as possible. For example, a third external network (not shown) different from the external network 2 is connected to the internal network 1 shown in FIG. 2, and a server device (not shown) is connected to the third network. Consider the case of being connected. In this case, the internal device 10 may communicate with the external device 40 via the communication control device 20 and may communicate with the server device connected to the third network without going through the communication control device 20. Even when the internal device 10 communicates with the server device without going through the communication control device 20, it is desirable that the internal device 10 communicates with the server device via the firewall device 30.

When the number of internal devices 10 connected to the internal network 1 is small, or when the number of internal devices 10 connected to the internal network 1 is large, each internal device 10 hardly transmits a packet to the external device 40. In some cases, there may be few opportunities for information transmission from the external device 40 to the internal device 10. In such a case, the communication control device 20 may transmit a dummy packet to the external device 40 instead of the internal device 10 according to a predetermined rule (for example, a predetermined timing or a predetermined period). .. By transmitting the dummy packet by the communication control device 20, it is possible to surely secure an opportunity for information transmission by the external device 40.

In the above embodiment, the communication control device 20 implements packet transmission control for each internal device 10. However, the communication control device 20 may execute packet transmission control not for each internal device 10 but for all internal devices 10. Specifically, even if the internal device 10 that has transmitted the packet first and the internal device 10 that intends to transmit the packet after that are different, the communication control device 20 has a predetermined period from the previous packet transmission. The packet may not be transmitted until after the elapse of. By such measures, the packets transmitted to the external device 40 are surely limited, and the load increase of the device can be suppressed.

In the above embodiment, the communication control device 20 is not involved in the data included in the packet transmitted from the internal device 10, but the data transmission control may be executed in consideration of the data of the packet. For example, the communication control device 20 may discard the packets acquired from the second time onward as long as the data transmitted from the same internal device 10 is the same.

When the response packet is transmitted from the external device 40 to the internal device 10, the external device 40 may encrypt and transmit the control information included in the response packet, and the communication control device 20 may combine the encryption. As the encryption method at that time, any method such as a common key cryptosystem and a public key cryptosystem can be used.

Even if the communication control device 20 outputs the history information regarding the instruction to the internal device 10 to the external device so that the user (administrator of the communication system) can confirm what kind of operation instruction is given to which internal device 10. good. For example, the communication control device 20 may print the control information setting history as shown in FIG. 11, display it on a liquid crystal monitor or the like, or store it in a USB memory or the like.

Further, in the plurality of flowcharts used in the above description, a plurality of steps (processes) are described in order, but the execution order of the steps executed in each embodiment is not limited to the order of description. In each embodiment, the order of the illustrated steps can be changed within a range that does not hinder the contents, for example, each process is executed in parallel. In addition, the above-described embodiments can be combined as long as the contents do not conflict with each other.

As described above, with the development of communication technology and information processing technology, IoT terminals such as measuring instruments are often connected to networks. In addition, a firewall device is usually installed to protect devices connected to the internal network from attacks from the outside. In such an environment, in order to transmit information such as control information to an IoT terminal such as the internal device 10, it is premised that a packet is transmitted from the internal device to the external device and the response packet is used. It has become. This is because without such communication, it is basically impossible to communicate with the internal device isolated by the firewall device.

In this way, information transmission from the external device to the internal device is performed by the response from the external device. Therefore, in order to increase the frequency of information transmission from the external device and secure an opportunity for information transmission, the internal device should be used. It is necessary to increase communication to external devices. However, in such a measure to narrow the communication interval, many originally meaningless communications occur, which affects the load of the communication device (for example, a firewall device or an external device).

On the other hand, if the communication interval from the internal device to the external device is lengthened for the purpose of reducing the load on the communication device, an opportunity for information transmission from the external device to the internal device cannot be created, and control to the internal device is performed at an appropriate timing. Cannot be executed. In this way, in order to increase the opportunities for information transmission from the external device to the internal device, it is necessary to shorten the communication interval from the internal device to the external device, but if the above communication interval is shortened, communication for the internal device can be achieved. Unused packet transmissions also occur frequently, which affects the load on communication devices such as external devices. On the other hand, if the communication interval is lengthened, the chances of transmitting information to the internal device are reduced, and there arises a problem that the internal device cannot be controlled at an appropriate timing.

Furthermore, when there are multiple internal devices in the internal network, the external devices need to transmit control information individually for each internal device to be controlled, which is a factor that increases the load on the external devices. obtain. Furthermore, at this time, there is no unified standard for the information transmitted from the external device to the internal device (that is, the meaning of the information contained in the response packet is not considered). , The internal device may not be able to handle the information transmitted from the external device. That is, even if the internal device receives the response packet containing the operation instruction information, if the instruction content cannot be correctly grasped (the content of the response packet is correctly interpreted), the acquired response packet contains the operation instruction information. Can't respond to the instructions correctly.

Alternatively, there may be an internal device that does not have a function for confirming control information from the internal device to the external device, and there is also a problem that such an internal device cannot be controlled by the external device. ..

In the communication system according to the first embodiment, the following measures are taken to deal with the various problems as described above.

The packet transmitted from the internal device 10 to the external device 40 is transmitted to the communication control device 20, and the packet is transmitted to the external device 40 via the communication control device 20. At that time, the communication control device 20 executes packet transmission control for each internal device 10, and controls so that communication with the external device 40 is not concentrated during a specific period. As a result, the time interval (transmission interval) related to packet transmission from the internal device 10 to the external device 40 can be equalized.

Further, since the external device 40 can include the control information for the internal device 10 different from the internal device 10 that transmitted the packet in the response packet, the internal device 10 that needs to be controlled (transmission of the control information is necessary) Even when the packet is not transmitted for a long period of time, the internal device 10 can be controlled at a required timing (that is, without a large time interval).

As described above, in the first embodiment, all or part of the communication transmitted from the internal device 10 to the external device 40 connected to the external network 2 separated by the firewall device 30 is from the external device 40. The response packet includes control information (at least two or more pieces of information for controlling the internal device; internal device identification information, operation instruction information) and transmits the control information to the communication control device 20. The communication control device 20 separates and extracts the control information from the response packet, identifies the internal device 10 to be controlled from the control information, and transmits the operation instruction information to the specified internal device 10. When the internal device 10 executes the operation instruction, the external device 40 can control any internal device 10 connected to the internal network 1.

Further, the control information registered in the external device 40 and the control information transmitted from the external device 40 to the internal device 10 can include not only one control information but also a plurality of information by delimiters such as commas. Further, with respect to the internal device identification information and the operation instruction information forming each control information, a plurality of internal device identification information and a plurality of operation instruction information can be included in one control information. That is, it is possible to include a plurality of control information and a plurality of internal device identification information in one response packet, and the communication control device 20 that has received the response packet may include a plurality of control information and a plurality of internal device identification information according to the reception of the response packet. The same operation instruction can be given to the internal device 10, or different operation instructions can be given to the same internal device 10 in a specified order (time). As a result, not only can the amount of communication between the internal network 1 and the external network 2 be suppressed, but also fine control of the internal device 10 existing inside the internal network 1 can be executed at once.

As described above, in the first embodiment, the communication control device 20 is a closed network (internal network 1) protected by the firewall device 30 from the external device 40 connected to the external network 2 ahead of the firewall device 30. Obtain control information (combination of internal device identification information and operation instruction information) for the internal device 10 connected to the network. After that, the communication control device 20 can separate the control information from the response packet and cause the internal device 10 indicated by the internal device identification information to execute the process indicated by the operation instruction information.

Further, the communication control device 20 obtains different types of control information for the plurality of internal devices 10 from the external device 40, separates the control information from the response packet, and specifies the internal device 10 from the control information. It is possible to execute the specified processing for each.

Further, the communication control device 20 is a transmission interval of all communications from the internal device 10 connected to the internal network 1 protected by the firewall device 30 to the external device 40 connected to the external network 2 ahead of the firewall device 30. By controlling the above, the control information from the external device 40 can be obtained without an interval, and the control for the internal device 10 can be processed at an appropriate interval.

Some or all of the above embodiments may also be described as, but not limited to, the following embodiments.
[Form 1]
This is the communication system according to the first viewpoint described above.
[Form 2]
The communication control device is
Packet transmission from the same first device to the second device so that the transmission interval between packets transmitted by the same first device to the second device is longer than a predetermined period. The communication system of the first embodiment, which controls the above.
[Form 3]
Further including a firewall device connected to the first network,
The communication control device is preferably the communication system of the first or second form, which transmits / receives packets to / from the second device via the firewall device.
[Form 4]
In the response packet transmitted by the second device, the control information for the first device different from the first device that transmitted the packet to the second device among the plurality of first devices is included in the response packet. The communication system according to any one of embodiments 1 to 3, preferably included.
[Form 5]
The communication system according to any one of embodiments 1 to 4, wherein the second device includes a plurality of the control information in one response packet.
[Form 6]
The control information includes device identification information for identifying the first device to be controlled among the plurality of first devices, and operation instruction information regarding an operation to be executed by the first device to be controlled. And, preferably the communication system according to any one of embodiments 1 to 5.
[Form 7]
The communication control device is
The communication system of the sixth embodiment instructing the first device specified by the device identification information to perform an operation based on the operation instruction information.
[Form 8]
The control information includes a plurality of the device identification information or the plurality of operation instruction information, preferably the communication system of the sixth or seventh form.
[Form 9]
The communication control device is
The communication according to any one of embodiments 1 to 8, preferably outputting historical information in which the first device instructing the operation obtained from the control information and the instructed control information are associated with each other to an external device. system.
[Form 10]
This is as described in the communication control device according to the second viewpoint described above.
[Form 11]
This is the communication device according to the third viewpoint described above.
[Form 12]
This is the communication method according to the fourth viewpoint described above.
[Form 13]
This is the program related to the fifth viewpoint described above.
It should be noted that the forms 10 to 13 can be developed like the forms 2 to 9 as in the form 1.

The disclosure of the above-mentioned patent documents cited shall be incorporated into this document by citation. Within the framework of the entire disclosure (including the scope of claims) of the present invention, it is possible to change or adjust the embodiments or examples based on the basic technical idea thereof. Further, various combinations or selections of various disclosure elements (including each element of each claim, each element of each embodiment or embodiment, each element of each drawing, etc.) within the framework of all disclosure of the present invention. (Including partial deletion) is possible. That is, it goes without saying that the present invention includes all disclosure including claims, and various modifications and modifications that can be made by those skilled in the art in accordance with the technical idea. In particular, with respect to the numerical range described in this document, it should be interpreted that any numerical value or small range included in the range is specifically described even if there is no other description.

1 Internal network 2 External network 10, 10-1 to 10-3 Internal devices 20, 52 Communication control device 21 CPU (Central Processing Unit)
22 Memory 23 Input / output interface 24 NIC (Network Interface Card)
30 Firewall device 40 External device 50 First device 51 Second device 101 Sensor information acquisition unit 102, 201, 402 Reception unit 103, 202, 404 Transmission unit 104, 203, 403 Control unit 204 Response packet processing unit 205 Control information Processing unit 206 Transmission history storage unit 401 Control information input unit 405 Control information storage unit

Claims (11)

With a plurality of first devices connected to the first network,
A second device connected to the second network and communicating with the plurality of first devices,
A communication control device that relays communication between the first device and the second device,
Including
The second device responds to a packet received from the first device of any one of the plurality of first devices with respect to at least one or more first devices of the plurality of first devices. Including control information
The communication control device is used from the same first device so that the transmission interval of packets transmitted by the same first device to the second device is a value obtained by dividing a predetermined period by the number of controls. A communication system that controls packet transmission to the second device and instructs the first device, which is the target of the control information, among the plurality of first devices, to perform an operation obtained from the control information . The communication system according to claim 1, wherein the communication control device transmits a dummy packet to the second device in place of the plurality of first devices at a predetermined timing. Further including a firewall device connected to the first network,
The communication system according to claim 1 or 2, wherein the communication control device transmits / receives packets to / from the second device via the firewall device. The response packet transmitted by the second device includes the control information for the first device different from the first device that transmitted the packet to the second device among the plurality of first devices. The communication system according to any one of claims 1 to 3, which is included. The communication system according to any one of claims 1 to 4, wherein the second device includes a plurality of the control information in one response packet. The control information includes device identification information for identifying the first device to be controlled among the plurality of first devices, and operation instruction information regarding an operation to be executed by the first device to be controlled. The communication system according to any one of claims 1 to 5, further comprising. The communication control device is
The communication system according to claim 6, wherein the first device specified by the device identification information is instructed to perform an operation based on the operation instruction information. The communication system according to claim 6 or 7, wherein the control information includes a plurality of the device identification information or the plurality of operation instruction information. The communication control device is
The communication according to any one of claims 1 to 8, wherein the history information in which the first device instructing the operation obtained from the control information and the instructed control information are associated with each other is output to the external device. system. With a plurality of first devices connected to the first network,
A second device connected to the second network and communicating with the plurality of first devices,
A communication control device that relays communication between the first device and the second device,
In communication systems including
The second device responds to a packet received from the first device of any one of the plurality of first devices, and the second device responds to at least one or more first devices of the plurality of first devices. A step of transmitting the response packet including the control information to the communication control device, and
From the same first device so that the transmission interval of packets transmitted by the same first device to the second device is a value obtained by dividing a predetermined period by the number of controls. A step of controlling packet transmission to the second device, and
A step in which the communication control device instructs the first device among the plurality of first devices to be targeted by the control information to perform an operation obtained from the control information.
Communication methods, including. Communication control that relays communication between a plurality of first devices connected to the first network and a second device connected to the second network and communicating with the plurality of first devices. On the computer installed in the device,
A response packet from the second device to a packet received from the first device of any one of the plurality of first devices, and the first one or more of the plurality of first devices. The process of receiving a response packet containing control information for the device,
From the same first device to the second device so that the transmission interval of packets transmitted by the same first device to the second device is a value obtained by dividing a predetermined period by the number of controls. And the process of controlling packet transmission
A process of instructing the first device targeted by the control information among the plurality of first devices to perform an operation obtained from the control information.
A program that executes.

Images